06eb20e4ca86cc30660ef99b843b34c17f2e22ab0f80b9ad971dec1927d0aaef

Analysis

max time kernel
102s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 01:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

435443d6a3089d20c67e26f7f24312f0N.exe
Size

438KB
MD5

435443d6a3089d20c67e26f7f24312f0
SHA1

0c7aabfc5c5ccc23c8aa47f053d90cd8dbb8adbf
SHA256

06eb20e4ca86cc30660ef99b843b34c17f2e22ab0f80b9ad971dec1927d0aaef
SHA512

b9b01c0f425203998bff8355f4d6f5a6a02f265d03e4c64a7c9a8a4632e9b884033fdd1ddc0a840b0b20b12c401e1e005a2c10a85e4c9cfc0df7a7187df690af
SSDEEP

3072:LmVW8iTX/3Rfl8Xq1+0cxxsWEL02fXcIp08Moe9DESZLxVxvNS7Y6:SM7jJljxYTHYZM1vF+

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/232-0-0x0000000000400000-0x0000000000468000-memory.dmp	upx
behavioral2/files/0x00070000000234d6-6.dat	upx
behavioral2/memory/232-34-0x0000000000400000-0x0000000000468000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe"	435443d6a3089d20c67e26f7f24312f0N.exe

Drops file in System32 directory 33 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\macromd\mature show older pussy and happy to do it.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\pornstar aria giovanni .mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\winxcfg.exe	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\chubby girl bukkake gang banged sucking cock.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\closeups of horny slut serving up sweet hairy bush.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\babe with peach shape pussy that needs it bitten.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\black girl gets dildo wet.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\Lolita preteen sex.mpeg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\busty asian babe with a hairy box.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\sylvia lauren showing her assets.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\an older fat mom spreading wide.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\career girls playing with their snatch after work.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\teen with her legs wide and fingers in her wet cunt.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\horny little blonde spreading pink.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\jenna jameson sex scene huge dick blowjob.scr	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\15 year old on beach.mpg.exe	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\GTA3 crack.exe	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\hot mature blonde in stockings.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\redhead in red lingerie ready to fuck.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\prego housewifes large hole .mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\password stealer.exe	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\hairy lezzies torching it up with hot candles.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\asian girls stuffed mouth shots.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\bottle blonde tramp sucking a dick dry.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\babe enjoys juicy cumshot.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\illegal preteen porn anal fisting.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\hot blonde teen sucking old dick.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\anal fisting ass fucking and double penn.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\preteen snuff sex rape with a stick hardcore.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\tiny little virgin showing off her cherry pussy.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\cutie nailed up the ass.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\ebony girl with massive hooters.mpg.pif	435443d6a3089d20c67e26f7f24312f0N.exe
File created	C:\Windows\SysWOW64\macromd\Pamela Anderson And Tommy Lee Home Video (Part 1).mpg.exe	435443d6a3089d20c67e26f7f24312f0N.exe

C:\Users\Admin\AppData\Local\Temp\435443d6a3089d20c67e26f7f24312f0N.exe
"C:\Users\Admin\AppData\Local\Temp\435443d6a3089d20c67e26f7f24312f0N.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\macromd\Pamela Anderson And Tommy Lee Home Video (Part 1).mpg.exe

Filesize
84KB

MD5
c0403f380cbca2eda8be367a3033ca0a

SHA1
96d1227e6488d62589a2dd45db5bb6d159c96c09

SHA256
cfbd35a86a7fc6db2a27b8c833632dd163af79ceada62df972757e409dd95d4c

SHA512
b528e292c907131a5a747ca61ffabd7f521f0a49cb26d175eceec09fb07e2c0e6dd7a218cc17c8b2a9e8fef0f4a777365e0d29ea51b3fe8023f256ad9ccfd77e

Download Submit
memory/232-0-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/232-34-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads